What is end-to-end encryption?
end-to-end encoding ( E2EE ) is a method of secure communication that prevents third base parties from accessing data while it ‘s transferred from one end arrangement or device to another .
In E2EE, the data is encrypted on the sender ‘s system or device, and only the mean recipient role can decrypt it. As it travels to its destination, the message can not be read or tampered with by an internet service supplier ( ISP ), application serve provider, hacker or any other entity or service .
many popular messaging service providers use throughout encoding, including Facebook, WhatsApp and Zoom. These providers have faced controversy around the decision to adopt E2EE. The engineering makes it harder for providers to share exploiter information from their services with authorities and potentially provides secret message to people involved in illicit activities .
How does end-to-end encryption work?
The cryptanalytic keys used to encrypt and decrypt the messages are stored on the endpoints. This approach uses populace key encoding.
Public key, or asymmetrical, encoding uses a public samara that can be shared with others and a private key. once shared, others can use the public identify to encrypt a message and send it to the owner of the public key. The message can only be decrypted using the equate private key, besides called the decoding key .
In on-line communications, there is about always an mediator pass off messages between two parties involved in an exchange. That mediator is normally a server belong to an ISP, a telecommunications party or a variety show of other organizations. The populace identify infrastructure E2EE uses ensures the intermediaries can not eavesdrop on the messages that are being sent .
The method for ensuring a public key is the legitimate key created by the intend recipient role is to embed the public key in a certificate that has been digitally signed by a recognized certificate authority ( CA ). Because the CA ‘s public samara is wide distributed and known, its veracity can be counted on ; a security signed by that public key can be presumed authentic. Since the certificate associates the recipient ‘s name and public key, the CA would presumably not sign a certificate that associated a different public key with the same diagnose .
This diagram shows what happens when Bob sends Alice a message using end-to-end encryption.
How does E2EE differ from other types of encryption?
What makes throughout encoding singular compared to early encoding systems is that lone the endpoints — the transmitter and the receiver — are capable of decrypting and reading the message. Symmetric key encoding, which is besides known as single-key or hidden key encoding, besides provides an unbroken layer of encoding from sender to recipient, but it uses only one key to encrypt messages .
The key used in single-key encoding can be a password, code or chain of randomly generated numbers and is sent to the message recipient, enabling them to unencrypt the message. It may be complex and make the message look like gibberish to intermediaries passing it from transmitter to receiver. however, the message can be intercepted, decrypted and read, no matter how drastically the one samara changes it if an mediator gets ahold of the key. E2EE, with its two keys, keeps intermediaries from accessing the key and decrypting the message .
End-to-end encryption uses an asymmetric approach. See how that compares to the symmetric encryption methodology.
Another criterion encoding scheme is encoding in transit. In this scheme, messages are encrypted by the sender, decrypted intentionally at an mediator point — a third-party server owned by the message service provider — and then reencrypted and sent to the recipient role. The message is indecipherable in theodolite and may use two-key encoding, but it is not using throughout encoding because the message has been decrypted before reaching its final recipient .
encoding in theodolite, like E2EE, keeps messages from being intercepted on their travel, but it does create potential vulnerabilities at that center where they are decrypted. The Transport Layer Security encoding protocol is an example of encoding in transit .
How is end-to-end encryption used?
throughout encoding is used when data security is necessary, including in the finance, healthcare and communication industries. It is frequently used to help companies comply with data privacy and security regulations and laws.
Read more: Ciphertext indistinguishability – Wikipedia
For example, an electronic point-of-sale ( POS ) system provider would include E2EE in its offer to protect medium information, such as customer credit card data. Including E2EE would besides help a retailer comply with the Payment Card Industry Data Security Standard ( PCI DSS ), which mandates that card numbers, magnetic stripe data and security codes are not stored on client devices .
What does end-to-end encryption protect against?
E2EE protects against the succeed two threats :
- Prying eyes. E2EE keeps anyone other than the sender and intended recipient from reading message information in transit because only the sender and recipient have the keys to decrypt the message. Although the message may be visible to an intermediary server that is helping move the message along, it won’t be legible.
- Tampering. E2EE also protects against tampering with encrypted messages. There is no way to predictably alter a message encrypted this way, so any attempts at altering would be obvious.
What doesn’t end-to-end encryption protect against?
Although the E2EE winder exchange is considered unbreakable using known algorithms and current computing world power, there are respective identified potential weaknesses of the encoding scheme, including the follow three :
- Metadata. While E2EE protects the information inside a message, it does not conceal information about the message, such as the date and time it was sent or the participants in the exchange. This metadata could give malicious actors with an interest in the encrypted information clues as to where they may be able to intercept the information once it has been unencrypted.
- Compromised endpoints. If either endpoint has been compromised, an attacker may be able to see a message before it is encrypted or after it is decrypted. Attackers could also retrieve keys from compromised endpoints and execute a man-in-the-middle attack with a stolen public key.
- Vulnerable intermediaries. Sometimes, providers claim to offer end-to-end encryption when what they really offer is closer to encryption in transit. The data may be stored on an intermediary server where it can be accessed.
Find out more about data security
Protect against evolving data security system threats
How to secure data at perch, in use and in apparent motion
Invest in obscure security to future-proof your organization
Making the subject for integrated hazard management
Advantages of end-to-end encryption
The chief advantage of end-to-end encoding is a high level of data privacy, provided by the follow features :
- Security in transit. End-to-end encryption uses public key cryptography, which stores private keys on the endpoint devices. Messages can only be decrypted using these keys, so only people with access to the endpoint devices are able to read the message.
- Tamper-proof. With E2EE, the decryption key does not have to be transmitted; the recipient will already have it. If a message encrypted with a public key gets altered or tampered with in transit, the recipient will not be able to decrypt it, so the tampered contents will not be viewable.
- Compliance. Many industries are bound by regulatory compliance laws that require encryption-level data security. End-to-end encryption can help organizations protect that data by making it unreadable.
Disadvantages of end-to-end encryption
Although E2EE broadly does a good job of securing digital communications, it does not guarantee data security. Shortcomings of E2EE include the follow :
Read more: Dual_EC_DRBG – Wikipedia
- Complexity in defining the endpoints. Some E2EE implementations allow the encrypted data to be decrypted and reencrypted at certain points during transmission. This makes it important to clearly define and distinguish the endpoints of the communication circuit.
- Too much privacy. Government and law enforcement agencies express concern that end-to-end encryption can protect people sharing illicit content because service providers are unable to provide law enforcement with access to the content.
- Visible metadata. Although messages in transit are encrypted and impossible to read, information about the message — date sent and recipient, for instance — is still visible, which may provide useful information to an interloper.
- Endpoint security. If endpoints are compromised, encrypted data may be revealed.
- Not future-proof. Although end-to-end encryption is a strong technology now, there is speculation that eventually quantum computing will render cryptography obsolete.
Applications that use E2EE
The first widely used E2EE messaging software was pretty estimable Privacy, which secured e-mail and stored files and digital signatures. Text message applications frequently use end-to-end encoding, including Apple ‘s iMessage, Jabber and Signal Protocol ( once TextSecure Protocol ). POS providers, like Square, besides use E2EE protocols to help maintain PCI complaisance .
In 2019, Facebook announced that all three of its message services would begin using E2EE. however, jurisprudence enforcement and intelligence agencies argue that encoding limits Facebook ‘s ability to police illegal action on its platforms. The debate often focuses on how E2EE can make it more unmanageable to identify and disrupt child misuse on individual message platforms .
encoding is just one nibble of data security in the enterprise. Learn more about all aspects of data security and complaisance in our comprehensive usher .